Lucene search
+L

27 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-33118

Malicious code in bioql PyPI...

9.8CVSS9.5AI score0.5554EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-36411

Malicious code in bioql PyPI...

8.8CVSS8.8AI score0.01134EPSS
Exploits0References2
OSV
OSV
added 2024/05/03 2:15 a.m.3 views

CVE-2023-32143

D-Link DAP-1360 webupg UPGCGICheckAuth Numeric Truncation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The...

8.8CVSS6.2AI score0.01134EPSS
Exploits0References2
CVE
CVE
added 2024/05/03 1:56 a.m.79 views

CVE-2023-32143

CVE-2023-32143 describes a remote code execution in D-Link DAP-1360 (and DAP-2020) routers. The flaw is in handling requests to the /cgi-bin/webupg endpoint, where improper validation can cause an integer overflow during buffer allocation, allowing network-adjacent attackers to execute code with ...

8.8CVSS9.1AI score0.01134EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/05/03 1:56 a.m.53 views

CVE-2023-32143 D-Link DAP-1360 webupg UPGCGI_CheckAuth Numeric Truncation Remote Code Execution Vulnerability

D-Link DAP-1360 webupg UPGCGICheckAuth Numeric Truncation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The...

8.8CVSS9.3AI score0.01134EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2023/05/04 12:0 a.m.33 views

D-Link DAP-1360 webupg UPGCGI_CheckAuth Numeric Truncation Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webupg endpoint. The issue...

8.8CVSS7.5AI score0.01134EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/02/06 12:0 a.m.8 views

The vulnerability of the UPGCGI_CheckAuth() function in D-Link’s wireless access points DAP-2020 and DAP-1360 allows a hacker to execute arbitrary code.

The vulnerability of the UPGCGICheckAuth function in D-Link’s wireless access points DAP-2020 and DAP-1360 is related to numerical truncation errors during the processing of the binary file webupg. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

8.8CVSS5.9AI score
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2022/09/06 12:0 a.m.11 views

PT-2022-6602 · D Link · D-Link Dap-2020 +1

Name of the Vulnerable Software and Affected Versions: D-Link DAP-1360 affected versions not specified D-Link DAP-2020 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link routers. Authentication is...

8.8CVSS9.3AI score0.01134EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2022/05/11 12:0 a.m.10 views

The vulnerability of the cgi-bin/webupg component in D-Link DIR-825AC G1 router microprogramming software allows attackers to circumvent security restrictions.

The vulnerability of the cgi-bin/webupg component of D-Link DIR-825AC G1 microprogramming router software is related to authentication deficiencies when processing the autoupgrade.asp parameter. Exploiting this vulnerability allows a hacker to bypass security restrictions using a specially create...

6.3CVSS7.8AI score0.5554EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2022/05/11 12:0 a.m.10 views

The vulnerability of the cgi-bin/webupg component in D-Link DIR-825AC G1 router microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the cgi-bin/webupg component in D-Link DIR-825AC G1 router microprogramming software is related to incorrect processing of the cmd parameter. Exploiting this vulnerability allows an attacker to execute arbitrary commands using a specially created POST request...

6.3CVSS8.1AI score0.32591EPSS
Exploits1References5
CNVD
CNVD
added 2022/04/29 12:0 a.m.17 views

D-Link DIR-825 G1 Command Injection Vulnerability

The DIR-825 G1 is a router from D-Link in Taiwan, China. A command injection vulnerability exists in the D-Link DIR-825 G1 firmware version, which stems from a lack of parameter validation in the "webupg" binary file. The vulnerability can be exploited to execute arbitrary system commands with th...

9CVSS8.3AI score0.32591EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/04/27 11:15 a.m.8 views

CVE-2021-46441

In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization...

9CVSS8.2AI score0.32591EPSS
Exploits1References3
NVD
NVD
added 2022/04/27 11:15 a.m.19 views

CVE-2021-46441

In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization...

9CVSS0.32591EPSS
Exploits1References2
NVD
NVD
added 2022/04/27 11:15 a.m.22 views

CVE-2021-46442

In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization...

9.8CVSS0.5554EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/04/27 11:15 a.m.8 views

CVE-2021-46442

In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization...

9.8CVSS7.8AI score0.5554EPSS
Exploits1References3
Prion
Prion
added 2022/04/27 11:15 a.m.15 views

Authorization

In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization...

7.5CVSS9.6AI score0.5554EPSS
Exploits1References2
Prion
Prion
added 2022/04/27 11:15 a.m.14 views

Authorization

In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization...

9CVSS9AI score0.32591EPSS
Exploits1References2
CVE
CVE
added 2022/04/27 10:12 a.m.97 views

CVE-2021-46441

CVE-2021-46441 affects D-Link DIR-825 G1 firmware with the webupg binary. The vulnerability arises from a lack of parameter verification, allowing an attacker who has obtained authorization to supply cmd parameters that execute arbitrary system commands. Connected advisories corroborate a command...

9CVSS9.6AI score0.32591EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/04/27 10:12 a.m.23 views

CVE-2021-46441

In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization...

9.6AI score0.32591EPSS
Exploits1References2
CVE
CVE
added 2022/04/27 10:10 a.m.88 views

CVE-2021-46442

Summary of CVE-2021-46442 : Affected product is the D-Link DIR-825 G1 router, specifically the webupg binary. The vulnerability allows an attacker to bypass authentication via the parameter involved in the autoupgrade.asp flow, enabling unauthorized actions such as downloading configuration files...

9.8CVSS9.7AI score0.5554EPSS
In wildExploits1References2Affected Software1
Rows per page
Query Builder